Systems and methods for bi-directional machine-learning (ML)-based network compatibility engine

ABSTRACT

An ML-based method for conforming a target network to control requirements of a host network is provided. The method may include running a first digital scan of the host network and determining the host network&#39;s control requirements based on the first digital scan. The method may include identifying, based on the second digital scan, elements of the target network that violate the control requirements. The method may include generating a compliance report and/or an executable file. The compliance report may include a compatibility score of the target network vis-à-vis the host network, and a compatibility plan that includes steps which improve the compatibility score and conform the target network to the control requirements of the host network. The executable file, when executed at the target network, may execute the compatibility plan.

FIELD OF TECHNOLOGY

Aspects of the disclosure relate to digital systems. Specifically,aspects of the disclosure relate to machine-learning-based systemswithin multi-network environments.

BACKGROUND OF THE DISCLOSURE

Entities running digital networks often utilize third party networks inconjunction with their own networks. For example, the entity maycontract with a third party vendor to perform a service. Performance ofthe service may involve the third party's network running on, or inconnection with, the entity's network.

The entity may have security or other control requirements and standardsfor its digital environment. When a third party's network is running on,or in connection with, the entity's network, the entity's environmentmay be jeopardized if the third party network does not comply with thecontrol requirements of the entity network.

Accordingly, it would be desirable to provide systems and methods fordetermining the compliance of a target third party network with thecontrol requirements of a host network. It would be further desirable toupdate the target network to conform to the control requirements.

Moreover, the control requirements and standards for the entity'sdigital environment are sometimes not known or readily available. Itwould be further desirable, therefore, for the systems and methods toautonomously determine the control requirements of the entity's digitalenvironment prior to determining the compliance of the target network.

SUMMARY OF THE DISCLOSURE

Aspects of the disclosure relate to a bi-directional machine-learning(ML)-based network compatibility engine. The engine may include aprocessor, an ML module, a non-transitory memory, and computerexecutable instructions stored in the memory. The instructions, when runon the processor, may perform some or all the features of the engine.

The engine may be configured to scan a host network and determine, usingthe ML module, the host network's control requirements based on thescan. The engine may also be configured to scan a target network andidentify elements of the target network that violate the controlrequirements.

The engine may be configured to generate, using the ML engine, acompliance report and an executable file. The compliance report mayinclude a compatibility score of the target network vis-à-vis the hostnetwork. The compliance report may also include a compatibility planthat includes steps which improve the compatibility score and conformthe target network to the control requirements of the host network. Theexecutable file, when executed at the target network, may be configuredto execute the compatibility plan.

BRIEF DESCRIPTION OF THE DRAWINGS

The objects and advantages of the disclosure will be apparent uponconsideration of the following detailed description, taken inconjunction with the accompanying drawings, in which like referencecharacters refer to like parts throughout, and in which:

FIG. 1 shows an illustrative system in accordance with principles of thedisclosure;

FIG. 2 shows an illustrative apparatus in accordance with principles ofthe disclosure;

FIG. 3 shows an illustrative system architecture in accordance withprinciples of the disclosure;

FIG. 4 shows an illustrative flowchart in accordance with principles ofthe disclosure; and

FIG. 5 shows another illustrative flowchart in accordance withprinciples of the disclosure.

DETAILED DESCRIPTION OF THE DISCLOSURE

Aspects of the disclosure relate to a bi-directional machine-learning(ML)-based network compatibility engine. In certain embodiments, theengine may be part of, or may otherwise be referred to as, a system. Theengine may include a processor, an ML module, a non-transitory memory,and computer executable instructions stored in the memory. Theinstructions, when run on the processor, may perform some or all thefeatures of the engine.

The engine may be configured to scan a host network. The host networkmay, for example, be a network associated with an entity. The entity maywish to utilize another network, otherwise referred to herein as atarget network, in conjunction with the host network. Utilization of thetarget network in conjunction with the host network may include runningthe target network on the host network. Utilization of the targetnetwork in conjunction with the host network may also include runningthe target network adjacent to, or in communication with, the hostnetwork.

The target network may be associated with a third party. In someembodiments, the target network may be associated with the same entityas the host network. The target network may be providing a service. Theservice may include software as a service (SAAS). In some embodiments,the target network may be a network that is being incorporated with thehost network, physically or virtually, to create a combined network.

The host network may be associated with control requirements. Thecontrol requirements may include certain settings, configurations,and/or specifications that are recommended or required for safe, secure,and/or efficient operation of the host network. For example, the hostnetwork may require a certain level of security within the targetnetwork. The level of security may include network firewall settings andconfigurations. The level of security may include data loss prevention(DLP) settings and configurations. The level of security may include thepresence of, or a threshold degree of, anti-virus protection. Degree ofanti-virus protection may include a minimum version number or year. Inanother example, the host network may require a certain amount of memoryor processing power, or suitable software capabilities, to be availableon the target network.

The engine may be configured to determine the host network's controlrequirements based on the scan. The determination may be performed usingthe ML module. For example, certain hardware or software components, orcombinations of components, may be associated with certain controlrequirements. The associations may be based on manufacturer or developerrecommendations. These recommendations may be available online, and theML module may be trained to mine the internet for such information.

In another example, the associations may be based on historical dataregarding operations of the host network and/or other comparablenetworks. The operations may include interactions between the hostnetwork and the present, or alternatively, other, target networks. TheML module may be trained with the historical data and may learn whichcomponents and component combinations require certain controlconfigurations to operate properly. The associations may also be legalbased. For example, certain components, such as databases storingsensitive information, may be associated with legally mandated privacycontrols.

The engine may be configured to scan the target network and identifyelements of the target network that violate the control requirementsdetermined for the host network. For example, if the scan of the hostnetwork determined that a control requirement included version 10 of anoperating system (OS), the scan of the target network may identify thatthe target network has version 9 of the OS, and therefore violates thecontrol requirements.

The engine may be configured to generate, using the ML engine, acompliance report and an executable file. The compliance report mayinclude a compatibility score of the target network vis-à-vis the hostnetwork. The compatibility score may be a letter or number score thatreflects a degree of compliance of the target network with the controlrequirements of the host network.

The compatibility score may, in certain embodiments, be a binary (e.g.,pass/fail) indication of compliance versus non-compliance of the targetnetwork with the control requirements of the host network. For example,in the aforementioned scenario where the control requirements of thehost network were determined to include version 10 of the OS, and thescan of the target network identified version 9 the OS, thecompatibility score of the target network may indicate a fail.

The compliance report may also include a compatibility plan thatincludes steps which improve the compatibility score and/or conform thetarget network to the control requirements of the host network. Forexample, in the aforementioned scenario where the control requirementsof the host network were determined to include version 10 of the OS, andthe scan of the target network identified version 9 the OS, and thecompatibility score of the target network indicated a fail, thecompatibility plan may include executing an update of the OS to version10.

The executable file, when executed at the target network, may beconfigured to execute the compatibility plan. For example, theexecutable file may include instructions to execute the update (in theaforementioned scenario) or execute any other suitable installation oroperation included in the compatibility plan. In some embodiments, theengine may be further configured to automatically execute the executablefile at the target network.

In certain embodiments, the engine may be further configured toperiodically rescan the host network to determine if the controlrequirements are changed. For example, hardware or software componentsof the network may have been modified, or other changes may haveoccurred, which may effect a change in control requirements.

When the control requirements are changed, the engine may be configuredto rescan the target network to determine if the compatibility score orthe compatibility plan are changed due to the changed controlrequirements. When the compatibility score or the compatibility plan arechanged, the engine may be configured to update the compliance reportand/or the executable file.

In some embodiments, the engine may be configured to periodically rescanthe target network. Rescanning the target network may be executedindependently of any change to the control requirements of the host.Rescanning the target network may determine if the compatibility scoreor the compatibility plan are changed. When the compatibility score orthe compatibility plan are changed, the engine may update the compliancereport.

In some embodiments, the target network may be a first target network.The scan of the first target network may identify that the first targetnetwork is host to a second target network (i.e., a nested targetnetwork). In this scenario, the engine may be further configured todetermine, using the ML module, the first target network's controlrequirements. The engine may scan the second target network, identifyelements of the second target network that violate the controlrequirements of the first target network or of the host network, andincorporate information pertaining to the second target network into thecompliance report.

The system may thereby effectively perform a recursion of the processperformed on the host network and the first target to the first targetnetwork—in its function as a host—and the second target network. Therecursion may be further performed for additional successive nestedtarget networks identified in any downstream target networks.

In certain embodiments the engine may be configured to perform apreliminary scan of the target network to determine a category of thetarget network. The preliminary scan may be performed prior to the scanof the host network. Moreover, the scan of the host network may betailored based on the category of the target network. For example,different control requirements of the host network may be associatedwith different categories of target networks. The scan of the hostnetwork to determine the control requirements may be more efficient whentailored based on the category of the target network.

In some embodiments, the scan of the target network may be tailoredbased on the results of the scan of the host network. For example, thescan of the target network may be tailored to focus on components thatrelate to the control requirements that have been determined for thehost network, resulting in more efficient resource utilization.

An ML-based method for conforming a target network to controlrequirements of a host network is provided. The method may includerunning a first digital scan of the host network, and determining, usingan ML module, the host network's control requirements based on the firstdigital scan. The method may also include running a second digital scanof the target network, and identifying, based on the second digitalscan, elements of the target network that violate the controlrequirements.

The method may also include generating, using the ML engine, acompliance report and/or an executable file. The compliance report mayinclude a compatibility score of the target network vis-à-vis the hostnetwork, and a compatibility plan that includes steps which improve thecompatibility score and conform the target network to the controlrequirements of the host network. The executable file, when executed atthe target network, may execute the compatibility plan.

The method may, in some embodiments, include steps and features recitedelsewhere in the disclosure in conjunction with other methods, or withapparatus including disclosed systems and engines.

Apparatus and methods described herein are illustrative. Apparatus andmethods in accordance with this disclosure will now be described inconnection with the figures, which form a part hereof. The figures showillustrative features of apparatus and method steps in accordance withthe principles of this disclosure. It is understood that otherembodiments may be utilized, and that structural, functional, andprocedural modifications may be made without departing from the scopeand spirit of the present disclosure.

FIG. 1 shows an illustrative block diagram of system 100 that includescomputer 101. Computer 101 may alternatively be referred to herein as a“server” or a “computing device.” Computer 101 may be a workstation,desktop, laptop, tablet, smart phone, or any other suitable computingdevice. Elements of system 100, including computer 101, may be used toimplement various aspects of the systems and methods disclosed herein.

Computer 101 may have a processor 103 for controlling the operation ofthe device and its associated components, and may include RAM 105, ROM107, input/output module 109, and a memory 115. The processor 103 mayalso execute all software running on the computer—e.g., the operatingsystem and/or voice recognition software. Other components commonly usedfor computers, such as EEPROM or Flash memory or any other suitablecomponents, may also be part of the computer 101.

The memory 115 may be comprised of any suitable permanent storagetechnology—e.g., a hard drive. The memory 115 may store softwareincluding the operating system 117 and application(s) 119 along with anydata 111 needed for the operation of the system 100. Memory 115 may alsostore videos, text, and/or audio assistance files. The videos, text,and/or audio assistance files may also be stored in cache memory, or anyother suitable memory. Alternatively, some or all of computer executableinstructions (alternatively referred to as “code”) may be embodied inhardware or firmware (not shown). The computer 101 may execute theinstructions embodied by the software to perform various functions.

Input/output (“I/O”) module may include connectivity to a microphone,keyboard, touch screen, mouse, and/or stylus through which a user ofcomputer 101 may provide input. The input may include input relating tocursor movement. The input may relate to network control settings,configurations, and/or requirements. The input/output module may alsoinclude one or more speakers for providing audio output and a videodisplay device for providing textual, audio, audiovisual, and/orgraphical output. The input and output may be related to computerapplication functionality. The input and output may be related tonetwork control settings, configurations, and/or requirements.

System 100 may be connected to other systems via a local area network(LAN) interface 113.

System 100 may operate in a networked environment supporting connectionsto one or more remote computers, such as terminals 141 and 151.Terminals 141 and 151 may be personal computers or servers that includemany or all of the elements described above relative to system 100. Thenetwork connections depicted in FIG. 1 include a local area network(LAN) 125 and a wide area network (WAN) 129, but may also include othernetworks. When used in a LAN networking environment, computer 101 isconnected to LAN 125 through a LAN interface or adapter 113. When usedin a WAN networking environment, computer 101 may include a modem 127 orother means for establishing communications over WAN 129, such asInternet 131.

It will be appreciated that the network connections shown areillustrative and other means of establishing a communications linkbetween computers may be used. The existence of various well-knownprotocols such as TCP/IP, Ethernet, FTP, HTTP and the like is presumed,and the system can be operated in a client-server configuration topermit a user to retrieve web pages from a web-based server. Theweb-based server may transmit data to any other suitable computersystem. The web-based server may also send computer-readableinstructions, together with the data, to any suitable computer system.The computer-readable instructions may be to store the data in cachememory, the hard drive, secondary memory, or any other suitable memory.

Additionally, application program(s) 119, which may be used by computer101, may include computer executable instructions for invoking userfunctionality related to communication, such as e-mail, Short MessageService (SMS), and voice input and speech recognition applications.Application program(s) 119 (which may be alternatively referred toherein as “plugins,” “applications,” or “apps”) may include computerexecutable instructions for invoking user functionality relatedperforming various tasks. The various tasks may be related to networkcontrol settings, configurations, and/or requirements.

Computer 101 and/or terminals 141 and 151 may also be devices includingvarious other components, such as a battery, speaker, and/or antennas(not shown).

Terminal 151 and/or terminal 141 may be portable devices such as alaptop, cell phone, Blackberry™, tablet, smartphone, or any othersuitable device for receiving, storing, transmitting and/or displayingrelevant information. Terminals 151 and/or terminal 141 may be otherdevices. These devices may be identical to system 100 or different. Thedifferences may be related to hardware components and/or softwarecomponents.

Any information described above in connection with database 111, and anyother suitable information, may be stored in memory 115. One or more ofapplications 119 may include one or more algorithms that may be used toimplement features of the disclosure, and/or any other suitable tasks.

The invention may be operational with numerous other general purpose orspecial purpose computing system environments or configurations.Examples of well-known computing systems, environments, and/orconfigurations that may be suitable for use with the invention include,but are not limited to, personal computers, server computers, hand-heldor laptop devices, tablets, mobile phones, smart phones and/or otherpersonal digital assistants (“PDAs”), multiprocessor systems,microprocessor-based systems, set top boxes, programmable consumerelectronics, network PCs, minicomputers, mainframe computers,distributed computing environments that include any of the above systemsor devices, and the like.

The invention may be described in the general context ofcomputer-executable instructions, such as program modules, beingexecuted by a computer. Generally, program modules include routines,programs, objects, components, data structures, etc., that performparticular tasks or implement particular abstract data types. Theinvention may also be practiced in distributed computing environmentswhere tasks are performed by remote processing devices that are linkedthrough a communications network. In a distributed computingenvironment, program modules may be located in both local and remotecomputer storage media including memory storage devices.

FIG. 2 shows illustrative apparatus 200 that may be configured inaccordance with the principles of the disclosure. Apparatus 200 may be acomputing machine. Apparatus 200 may include one or more features of theapparatus shown in FIG. 1 . Apparatus 200 may include chip module 202,which may include one or more integrated circuits, and which may includelogic configured to perform any other suitable logical operations.

Apparatus 200 may include one or more of the following components: I/Ocircuitry 204, which may include a transmitter device and a receiverdevice and may interface with fiber optic cable, coaxial cable,telephone lines, wireless devices, PHY layer hardware, a keypad/displaycontrol device or any other suitable media or devices; peripheraldevices 206, which may include counter timers, real-time timers,power-on reset generators or any other suitable peripheral devices;logical processing device 208, which may compute data structuralinformation and structural parameters of the data; and machine-readablememory 210.

Machine-readable memory 210 may be configured to store inmachine-readable data structures: machine executable instructions (whichmay be alternatively referred to herein as “computer instructions” or“computer code”), applications, signals, and/or any other suitableinformation or data structures.

Components 202, 204, 206, 208 and 210 may be coupled together by asystem bus or other interconnections 212 and may be present on one ormore circuit boards such as 220. In some embodiments, the components maybe integrated into a single chip. The chip may be silicon-based.

FIG. 3 shows illustrative system architecture 300 in accordance withprinciples of the disclosure. Architecture 300 shows host network 301.Architecture 300 also shows compatibility engine 303. Compatibilityengine 303 includes memory 305, processor 307, and ML engine 309.Architecture 300 shows target network 1 (311), target network 2 (313),and target network 3 (315).

Target network 1 (311) and target network 2 (313) may be third partynetworks that are being introduced to the environment of host network301, and which will be scanned, analyzed, and/or updated bycompatibility engine 303. Target network 3 (315) may be a nested targetnetwork that is hosted by target network 2 (315). In that case,compatibility engine 303 may scan target network 2 (315) to determineits control requirements, and then scan, analyze, and/or update targetnetwork 3 (315) based on the control requirements of target network 1(311) and/or target network 2 (313).

FIG. 4 shows illustrative flowchart 400 in accordance with principles ofthe disclosure. Flowchart 400 starts with scanning a host network atstep 401. At step 403, the system may determine control requirements ofthe host network based on the scan. At step 405, the system may scan atarget network. The scan of the target network may, in certainembodiments, be tailored based on the control requirements determinedfor the host network. If a nested target network is identified at step407, the system may perform a recursive process on the target (as ahost) and its downstream (i.e., nested) target.

If a violating element of the target network is identified at step 409,the system may generate a compatibility score at step 411. The systemmay also generate a compatibility plan at step 413. At step 415, thesystem may generate an executable file. The executable file may beexecuted at the target network step 417. The executable file may performthe compatibility plan, and may thereby update the target network to bein compliance with the control requirements of the host network.

Periodically the system may rescan the host network and/or the targetnetwork to determine if there is a change in the control requirementsand/or the compatibility score or plan. The system may, for example,perform a rescan at predetermined intervals of time (e.g., every month,week, day, hour, minute, second, substantially continuously, or at anyother suitable period). The system may rescan the target network after arescan of the host network identifies a change. The system may alsoperform a rescan after finding no violating elements at step 409 and/orafter executing the executable file at step 417.

FIG. 5 shows illustrative flowchart 500 in accordance with principles ofthe disclosure. Flowchart 500 shows an illustrative preliminary scan.The preliminary scan may, in certain embodiments, be performed prior toscanning the host network, i.e., prior to step 401 shown in FIG. 4 . Thepreliminary scan may start at step 501 with a pre-scan of the targetnetwork. At step 503, the system may determine a category of the targetnetwork based on the pre-scan. At step 505 the system may generate atailored scan of the host network based on the determined category ofthe target network. At step 507, the system may scan the host networkusing the tailored scan of step 505. Step 507 may coincide with step 401of FIG. 4 , and the system may proceed to step 403.

The steps of methods may be performed in an order other than the ordershown and/or described herein. Embodiments may omit steps shown and/ordescribed in connection with illustrative methods. Embodiments mayinclude steps that are neither shown nor described in connection withillustrative methods.

Illustrative method steps may be combined. For example, an illustrativemethod may include steps shown in connection with another illustrativemethod.

Apparatus may omit features shown and/or described in connection withillustrative apparatus. Embodiments may include features that areneither shown nor described in connection with the illustrativeapparatus. Features of illustrative apparatus may be combined. Forexample, an illustrative embodiment may include features shown inconnection with another illustrative embodiment.

The drawings show illustrative features of apparatus and methods inaccordance with the principles of the invention. The features areillustrated in the context of selected embodiments. It will beunderstood that features shown in connection with one of the embodimentsmay be practiced in accordance with the principles of the inventionalong with features shown in connection with another of the embodiments.

One of ordinary skill in the art will appreciate that the steps shownand described herein may be performed in other than the recited orderand that one or more steps illustrated may be optional. The methods ofthe above-referenced embodiments may involve the use of any suitableelements, steps, computer-executable instructions, or computer-readabledata structures. In this regard, other embodiments are disclosed hereinas well that can be partially or wholly implemented on acomputer-readable medium, for example, by storing computer-executableinstructions or modules or by utilizing computer-readable datastructures.

Thus, methods and systems for bi-directional machine-learning (ML)-basednetwork compatibility engines are provided. Persons skilled in the artwill appreciate that the present invention can be practiced by otherthan the described embodiments, which are presented for purposes ofillustration rather than of limitation, and that the present inventionis limited only by the claims that follow.

What is claimed is:
 1. A bi-directional machine-learning (ML)-basednetwork compatibility engine, said engine comprising: a processor; an MLmodule; a non-transitory memory; and computer executable instructionsstored in the memory, that, when run on the processor, are configuredto: scan a host network; determine, using the ML module, the hostnetwork's control requirements based on the scan; scan a target network;identify elements of the target network that violate the controlrequirements; and generate, using the ML engine: a compliance reportthat comprises: a compatibility score of the target network vis-à-visthe host network; and a compatibility plan that includes steps whichimprove the compatibility score and conform the target network to thecontrol requirements of the host network; and an executable file that,when executed at the target network, executes the compatibility plan. 2.The engine of claim 1 further configured to automatically execute theexecutable file at the target network.
 3. The engine of claim 1 furtherconfigured to: periodically rescan the host network to determine if thecontrol requirements are changed; when the control requirements arechanged, rescan the target network to determine if the compatibilityscore or the compatibility plan are changed due to the changed controlrequirements; and when the compatibility score or the compatibility planare changed, update the compliance report.
 4. The engine of claim 1further configured to: periodically rescan the target network todetermine if the compatibility score or the compatibility plan arechanged; and when the compatibility score or the compatibility plan arechanged, update the compliance report.
 5. The engine of claim 1 wherein:the target network is a first target network; and when the scan of thefirst target network identifies that the first target network is host toa second target network, the engine is further configured to: determine,using the ML module, the first target network's control requirements;scan the second target network; identify elements of the second targetnetwork that violate the control requirements of the first targetnetwork or of the host network; and incorporate information pertainingto the second target network into the compliance report.
 6. The engineof claim 1 wherein: prior to the scan of the host network, the engine isconfigured to perform a preliminary scan of the target network todetermine a category of the target network; and the scan of the hostnetwork is tailored based on the category of the target network.
 7. Theengine of claim 1 wherein the scan of the target network is tailoredbased on the results of the scan of the host network.
 8. The engine ofclaim 1 wherein the control requirements comprise: data loss prevention(DLP) settings and configurations; and network firewall settings andconfigurations.
 9. The engine of claim 1 wherein the ML module istrained using historical data regarding interactions between the hostnetwork and other target networks.
 10. A machine-learning (ML)-basedmethod for conforming a target network to control requirements of a hostnetwork, the method comprising: running a first digital scan of the hostnetwork; determining, using an ML module, the host network's controlrequirements based on the first digital scan; running a second digitalscan of the target network; identifying, based on the second digitalscan, elements of the target network that violate the controlrequirements; and generating, using the ML engine: a compliance reportthat comprises: a compatibility score of the target network vis-à-visthe host network; and a compatibility plan that includes steps whichimprove the compatibility score and conform the target network to thecontrol requirements of the host network; and an executable file that,when executed at the target network, executes the compatibility plan.11. The method of claim 10 further comprising automatically executingthe executable file at the target network.
 12. The method of claim 10further comprising: periodically rescanning the host network todetermine if the control requirements are changed; when the controlrequirements are changed, rescanning the target network to determine ifthe compatibility score or the compatibility plan are changed due to thechanged control requirements; and when the compatibility score or thecompatibility plan are changed, updating the compliance report.
 13. Themethod of claim 10 further comprising: periodically rescanning thetarget network to determine if the compatibility score or thecompatibility plan are changed; and when the compatibility score or thecompatibility plan are changed, updating the compliance report.
 14. Themethod of claim 10 wherein the target network is a first target network,and, when the scan of the first target network identifies that the firsttarget network is host to a second target network, the method furthercomprises: determining, using the ML module, the first target network'scontrol requirements; digitally scanning the second target network;identifying elements of the second target network that violate thecontrol requirements of the first target network or of the host network;and incorporating information pertaining to the second target networkinto the compliance report.
 15. The method of claim 10 furthercomprising: performing, prior to the first digital scan, a preliminaryscan of the target network to determine a category of the targetnetwork; and tailoring the first digital scan based on the category ofthe target network.
 16. The method of claim 10 further comprisingtailoring the second digital scan based on the results of the firstdigital scan.
 17. The method of claim 10 wherein the controlrequirements comprise: data loss prevention (DLP) settings andconfigurations; and network firewall settings and configurations. 18.The method of claim 10 further comprising training the ML module usinghistorical data regarding interactions between the host network andother target networks.
 19. A machine-learning (ML)-based networkcompatibility system, the system comprising: a host network; an MLmodule; and computer code stored in a non-transitory memory for runningon a processor; wherein the system is configured to: scan the hostnetwork; determine, using the ML module, the host network's controlrequirements based on the scan; scan a target network; identify elementsof the target network that violate the control requirements; andgenerate, using the ML engine: a compliance report that comprises: acompatibility score of the target network vis-à-vis the host network;and a compatibility plan that includes steps which improve thecompatibility score and conform the target network to the controlrequirements of the host network; and an executable file that, whenexecuted at the target network, executes the compatibility plan.
 20. Thesystem of claim 19 further configured to: rescan the target network todetermine if the compatibility score or the compatibility plan arechanged; and when the compatibility score or the compatibility plan arechanged, update the compliance report.